Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet (CVE-2021-42787)

Solution Number:
S36244
Last Modified:
2022-08-26
Description
What's the issue?
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint performs no input validation on the user-supplied value, which allows a malicious payload to be injected.
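The root cause stated above is a path taken from the request and used without validation. The following is an added illustration, not Riverbed/Aternity code and not the servlet's actual implementation, of the canonical-path check that closes this class of bug for reads, writes and deletes alike: resolve the caller-supplied name against a fixed base directory, normalize it, and refuse anything that does not stay inside that directory. The class name, the configuration directory and the sample file names are assumptions chosen for the demo.

```java
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

/**
 * Added example (not Riverbed/Aternity code): confine a caller-supplied file
 * name to a fixed configuration directory before any read, write or delete.
 * The directory name and the sample inputs are assumptions for the demo.
 */
public final class ConfinedPathResolver {

    private final Path baseDir;

    public ConfinedPathResolver(Path baseDir) {
        // Absolute, normalized base so the prefix comparison below is meaningful.
        this.baseDir = baseDir.toAbsolutePath().normalize();
    }

    /**
     * Returns the resolved path if it stays inside baseDir, otherwise throws.
     * normalize() collapses "." and ".." segments, so a name that climbs out of
     * baseDir resolves to a path outside it and fails the startsWith check.
     */
    public Path resolve(String userSupplied) {
        if (userSupplied == null || userSupplied.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        // Reject NUL bytes and backslashes, which other layers may treat as separators.
        if (userSupplied.indexOf('\0') >= 0 || userSupplied.indexOf('\\') >= 0) {
            throw new IllegalArgumentException("illegal character in file name");
        }
        Path candidate;
        try {
            candidate = baseDir.resolve(userSupplied).normalize();
        } catch (InvalidPathException e) {
            throw new IllegalArgumentException("unparseable file name", e);
        }
        // An absolute input replaces baseDir entirely in resolve(), so the
        // component-wise startsWith check is what actually enforces confinement.
        if (!candidate.startsWith(baseDir) || candidate.equals(baseDir)) {
            throw new IllegalArgumentException("path escapes configuration directory");
        }
        return candidate;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the directory is a placeholder.
        ConfinedPathResolver r = new ConfinedPathResolver(Paths.get("/opt/agent/config"));
        List<String> samples = List.of(
                "agent.properties",            // accepted
                "profiles/default.xml",        // accepted: subdirectory stays inside base
                "../../outside-config.txt",    // rejected: climbs out of base
                "/tmp/outside-config.txt",     // rejected: absolute path replaces base
                "profiles/../../other.txt");   // rejected: normalizes to outside base
        for (String s : samples) {
            try {
                System.out.println("accept " + s + " -> " + r.resolve(s));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The check is deliberately done on the normalized path rather than by searching the raw string for "..", because encoded or mixed separators can slip past a substring filter while still normalizing to a location outside the base directory. Calling `resolve()` once and using its result for the subsequent file operation keeps the validated path and the operated-on path identical.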

CVE-2021-42787
Severity: Critical
Versions Affected: versions earlier than 11.8.8; 12.x versions earlier than 12.13; all 10.x versions
Solution
Mitigation
The vulnerability has been fixed in AppInternals Agent GA versions 11.8.8 and 12.14.0 and later. These releases are available for download on the Aternity Support Portal.

Credit
Discovered by GovTech Security Team (Darrel Huang, Bjorn Lim, Leng Kang Hao).
Environment
SteelCentral AppInternals Dynamic Sampling Agent